(ranger) branch ranger-2.6 updated: RANGER-5116: updated Ranger plugin to support configurations to initialize UserGroupInfomation (#518) (cherry picked from commit cbf41521a0d1b763cf44d84b1fbd1b485301830c)

Mon, 27 Jan 2025 17:27:56 -0800 

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.6
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.6 by this push:
     new 5da8a9249e  RANGER-5116: updated Ranger plugin to support 
configurations to initialize UserGroupInfomation (#518)  (cherry picked from 
commit cbf41521a0d1b763cf44d84b1fbd1b485301830c)
5da8a9249e is described below

commit 5da8a9249e0aba2a69cbc387f2c57bd548ff32c4
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Mon Jan 27 17:17:02 2025 -0800

     RANGER-5116: updated Ranger plugin to support configurations to initialize 
UserGroupInfomation (#518)
     (cherry picked from commit cbf41521a0d1b763cf44d84b1fbd1b485301830c)
---
 .../ranger/plugin/service/RangerBasePlugin.java    | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index fe883f078e..58b0bcc2bb 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -19,14 +19,17 @@
 
 package org.apache.ranger.plugin.service;
 
+import java.io.IOException;
 import java.util.*;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.ranger.admin.client.RangerAdminClient;
 import org.apache.ranger.admin.client.RangerAdminRESTClient;
 import org.apache.ranger.audit.provider.AuditHandler;
 import org.apache.ranger.audit.provider.AuditProviderFactory;
+import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.audit.provider.StandAloneAuditProviderFactory;
 import org.apache.ranger.authorization.hadoop.config.RangerAuditConfig;
 import org.apache.ranger.authorization.hadoop.config.RangerPluginConfig;
@@ -111,6 +114,58 @@ public RangerBasePlugin(RangerPluginConfig pluginConfig) {
                
setIsFallbackSupported(pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() 
+ ".is.fallback.supported", false));
                setServiceAdmins(serviceAdmins);
 
+               String  ugiPrefix = pluginConfig.getPropertyPrefix() + ".ugi";
+               boolean initUgi   = pluginConfig.getBoolean(ugiPrefix + 
".initialize", false);
+
+               if (initUgi) {
+                       String ugiLoginType = pluginConfig.get(ugiPrefix + 
".login.type");
+
+                       if (StringUtils.equalsIgnoreCase(ugiLoginType, 
"keytab")) {
+                               String principal = pluginConfig.get(ugiPrefix + 
".keytab.principal");
+                               String keytab    = pluginConfig.get(ugiPrefix + 
".keytab.file");
+
+                               if (StringUtils.isNotBlank(principal) && 
StringUtils.isNotBlank(keytab)) {
+                                       LOG.info("UGI login: principal={}, 
keytab={}", principal, keytab);
+
+                                       try {
+                                               
UserGroupInformation.loginUserFromKeytab(principal, keytab);
+                                       } catch (IOException excp) {
+                                               LOG.error("UGI login: failed", 
excp);
+
+                                               throw new 
RuntimeException(excp);
+                                       }
+                               } else {
+                                       String msg = String.format("UGI login: 
invalid configuration: %s=%s, %s=%s", ugiPrefix + ".keytab.principal", 
principal, ugiPrefix + ".keytab.file", keytab);
+
+                                       LOG.error(msg);
+
+                                       throw new RuntimeException(msg);
+                               }
+                       } else if (StringUtils.equalsIgnoreCase(ugiLoginType, 
"jaas")) {
+                               String jaasAppConfig = 
pluginConfig.get(ugiPrefix + ".jaas.appconfig");
+
+                               if (StringUtils.isNotBlank(jaasAppConfig)) {
+                                       LOG.info("UGI login: jaasAppConfig={}", 
jaasAppConfig);
+
+                                       try {
+                                               
MiscUtil.setUGIFromJAASConfig(jaasAppConfig);
+                                       } catch (Exception excp) {
+                                               LOG.error("UGI login: 
jaasAppConfig={} failed", jaasAppConfig, excp);
+
+                                               throw new 
RuntimeException(excp);
+                                       }
+                               } else {
+                                       String msg = String.format("UGI login: 
invalid configuration: %s=%s", ugiPrefix + ".jaas.appconfig", jaasAppConfig);
+
+                                       LOG.error(msg);
+
+                                       throw new RuntimeException(msg);
+                               }
+                       } else {
+                               LOG.warn("UGI login: invalid configuration 
{}={}", ugiPrefix + ".login.type", ugiLoginType);
+                       }
+               }
+
                RangerRequestScriptEvaluator.init(pluginConfig);
 
                this.dedupStrings   = 
pluginConfig.getBoolean(pluginConfig.getPropertyPrefix() + ".dedup.strings", 
true);

Reply via email to